Merged
94 changes: 94 additions & 0 deletions .github/workflows/devcontainer-native-release.yml
@@ -0,0 +1,94 @@
name: devcontainer-native-release

on:
push:
branches:
- main

concurrency:
group: devcontainer-native-release-${{ github.ref }}
cancel-in-progress: false

permissions:
contents: write

jobs:
release:
runs-on: ubuntu-latest
env:
CARGO_TOML_PATH: cmd/devcontainer-native/Cargo.toml
CRATE_DIR: cmd/devcontainer-native
TAG_PREFIX: devcontainer-native-v
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Setup Rust
uses: dtolnay/rust-toolchain@stable

- name: Compute next patch version
id: version
shell: bash
run: |
set -euo pipefail
git fetch --tags --force

latest_tag=$(git tag --list "${TAG_PREFIX}*" --sort=-version:refname | head -n 1)
if [[ -z "$latest_tag" ]]; then
Comment on lines +38 to +39

P1 Badge Add concurrency guard before deriving next tag

This workflow computes next_version from current tags without any concurrency key, so two push runs on main can execute in parallel, both pick the same latest_tag, and then race to publish the same release tag; one run will fail at release creation. GitHub Actions docs state the default behavior allows multiple workflow runs concurrently, so release numbering here is not safe under normal multi-push activity.


base_version="0.0.0"
else
base_version="${latest_tag#${TAG_PREFIX}}"
fi

IFS='.' read -r major minor patch <<< "$base_version"
next_version="${major}.${minor}.$((patch + 1))"
next_tag="${TAG_PREFIX}${next_version}"

echo "latest_tag=${latest_tag}" >> "$GITHUB_OUTPUT"
echo "version=${next_version}" >> "$GITHUB_OUTPUT"
echo "tag=${next_tag}" >> "$GITHUB_OUTPUT"

- name: Set Cargo version
shell: bash
run: |
set -euo pipefail
version='${{ steps.version.outputs.version }}'
perl -0pi -e 's/^version\s*=\s*"[0-9]+\.[0-9]+\.[0-9]+"/version = "'"$version"'"/m' "$CARGO_TOML_PATH"

- name: Build release binary
shell: bash
run: |
set -euo pipefail
cargo build --release --manifest-path "$CARGO_TOML_PATH"

- name: Package release artifact
id: package
shell: bash
run: |
set -euo pipefail
version='${{ steps.version.outputs.version }}'
artifact_name="devcontainer-native-${version}-linux-x64.tar.gz"
tar -C "$CRATE_DIR/target/release" -czf "$artifact_name" devcontainer-native
sha256sum "$artifact_name" > "${artifact_name}.sha256"

echo "artifact=${artifact_name}" >> "$GITHUB_OUTPUT"

- name: Create GitHub release
env:
GH_TOKEN: ${{ github.token }}
shell: bash
run: |
set -euo pipefail
version='${{ steps.version.outputs.version }}'
tag='${{ steps.version.outputs.tag }}'
artifact='${{ steps.package.outputs.artifact }}'

gh release create "$tag" \
--target "$GITHUB_SHA" \
--fail-on-no-commits \
--title "devcontainer-native v${version}" \
Comment on lines +88 to +91

P2 Badge Fail when no new commits exist for release

gh release create is invoked without --fail-on-no-commits, and the command targets ${GITHUB_SHA}, so rerunning this workflow for an already released commit will still mint another patch tag/release for identical code. The gh release create manual explicitly says releases are created by default even when there are no new commits, which can produce duplicate releases.


--notes "Automated release for devcontainer-native v${version}." \
"$artifact" \
"${artifact}.sha256"
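Review bot: In the "Compute next patch version" step, base_version is taken from the newest tag matching "${TAG_PREFIX}*" and split with `IFS='.' read -r major minor patch` without any check that the three fields are plain integers, so a tag with a suffix or extra dots feeds non-numeric text into `$((patch + 1))` and into next_tag. Validate base_version against a strict pattern such as ^[0-9]+\.[0-9]+\.[0-9]+$ and fail the step otherwise. The later steps then paste the result into their scripts as `version='${{ steps.version.outputs.version }}'`; passing the step outputs through an `env:` block and reading them as ordinary shell variables keeps tag-derived text out of the script source. Since the job holds `contents: write`, it is also worth pinning `actions/checkout@v4` and `dtolnay/rust-toolchain@stable` to commit SHAs, and adding `--locked` to the `cargo build --release` line so the build uses the committed Cargo.lock.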
2 changes: 1 addition & 1 deletion cmd/devcontainer-native/Cargo.lock

2 changes: 1 addition & 1 deletion cmd/devcontainer-native/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "devcontainer-native"
version = "0.1.0"
version = "0.0.1"
edition = "2021"
description = "Native Rust foundation for devcontainer CLI"
license = "MIT"
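Review bot: The version field moves backwards here, from "0.1.0" to "0.0.1" (the +/- markers are lost in this rendering, but the change summary shows one addition and one deletion), and nothing in the manifest says why. If the intent is to line the manifest up with the workflow's "0.0.0" starting point, add a comment next to the field stating that the release workflow rewrites it at build time. The "Set Cargo version" step edits the file in the runner only and never commits it, so the checked-in value will stay at 0.0.1 while tagged releases advance.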